formatting-build-output
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it is designed to process and format compiler logs which may contain untrusted data from source code comments or third-party error messages.
- Ingestion points: Standard output and error logs from
xcodebuildandswiftbuild commands (SKILL.md). - Boundary markers: The TOON format uses structured keys but lacks explicit delimiters or instructions to ignore embedded prompts within the 'message' fields.
- Capability inventory: Command execution of build tools and the
xcsiftutility. - Sanitization: No evidence of input sanitization or output escaping for log content is provided.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform command-line operations, specifically piping build output from standard development tools into the
xcsiftutility. - [NO_CODE]: The skill package contains no scripts or binary assets; it functions as a documentation-only extension providing usage instructions for an external tool.
Audit Metadata